When sending messages over the Internet, public key encryption may be used.

Public key encryption is the use of complex mathematical formulas to make data unreadable. Under public-key encryption, two different keys are used, one for encrypting the data and a second key to decrypt it.

Someone wanting to send a message would request the recipient's digital certificate, which contains the public key, from a trusted directory, and use the public key to encrypt the message before sending. Once the message is encrypted it can only be decrypted using the intended recipient's private key.

The sender can also digitally sign the message using their own private key to prove that the message originated from them. If the message has been digitally signed, the recipient would verify the sender by obtaining the sender's digital certificate from a trusted directory and using this to verify the sender's digital signature.

The effectiveness and reliability of the digital certificate is based on the confidence all parties to a transaction have in the structure, policies and procedures surrounding the PKI system.